Top senator: The extent of Russia's election attacks is 'much broader than has been reported'

Democratic Sen. Mark Warner of Virginia.
Joe Raedle/Getty Images
Sen. Mark Warner told USA Today on Tuesday that the extent of Russia's cyberattacks around the US election was "much broader than has been reported so far."

The comments from Warner, the ranking Democrat on the Senate Intelligence Committee, came one day after The Intercept reported on a top-secret National Security Agency document that said hackers associated with Russia's military intelligence agency targeted a company with information on US voting software days before the election.

The agency used the data to launch "voter-registration-themed" cyberattacks on local government officials, according to the NSA document.

Warner told USA Today that he was pushing intelligence agencies to declassify the names of the states affected by those cyberattacks so they could prepare for midterm elections in 2018. The Senate Intelligence Committee is investigating Russia's election interference and whether any member of President Donald Trump's campaign team colluded with Moscow to undermine Hillary Clinton.

"I really want to press the case," Warner said. "This is not an attempt to embarrass any state. This is a case to make sure that the American public writ large realizes that if we don't get ahead of this, this same kind of intervention could take place in 2018 and definitely will take place in 2020."

The Brennan Center for Justice estimated in August that up to 20% of US voters would use a digital system without a paper trail to cast votes on November 8, and 42 states would use voting machines that were at least a decade old and had outdated hardware and software.

The NSA document offers the clearest indication yet that Russian hackers sought to penetrate US voting systems tied to voter registration in the days and weeks leading up to the election. And it's most likely "just the tip of the iceberg," said Jeff Bardin, the chief intelligence officer at the cybersecurity firm Treadstone 71.

"This was the Russians' way of seeing what they could get access to," Bardin said in an interview. "They realized they could get access to the voting registration systems, which can have an impact on state elections and primaries. And this was only one NSA report about one [hacked] system.

"If the Russians were going after this system, how many others could they have gone after?" Bardin added.

The NSA document — which the Justice Department says was stolen and leaked to The Intercept by a 25-year-old government contractor from Georgia — concluded that "Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards" in the days leading up to the election.

The NSA did not draw any conclusions about whether the effort had an effect on the election's outcome. The agency declined to comment when reached by Business Insider on Monday.

But according to the NSA report, evidence that the hackers were also stealing the login credentials of people with administrative access to the voter-registration systems raises concerns that the Russians were able to do "anything they wanted" — including, Bardin said, breaching voting machines.

"It is possible," Bardin said. "The voter-registration systems they hacked would just have to have some tie back into the actual voting machine."